vps-leon #67
|
|
@ -58,7 +58,7 @@
|
|||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim python3Full nmap htop wireguard-tools
|
||||
wget vim python3Full python310Packages.pip nmap htop wireguard-tools
|
||||
];
|
||||
|
||||
|
||||
|
|
@ -76,17 +76,6 @@
|
|||
allowedUDPPorts = [ 5000 22 53 80 8080 18900 19900 ];
|
||||
};
|
||||
|
||||
|
||||
#-------------------------------VPN---------------------------------
|
||||
|
||||
# enable NAT
|
||||
# networking.nat.enable = true;
|
||||
# networking.nat.externalInterface = "eth0";
|
||||
# networking.nat.internalInterfaces = [ "wg0" ];
|
||||
# networking.firewall = {
|
||||
# allowedUDPPorts = [ 51820 ];
|
||||
# };
|
||||
|
||||
#_______________________________Begin-VPN1-Server____________________________________
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
|
|
@ -94,12 +83,9 @@
|
|||
vpn1 = {
|
||||
#IP address && Subnet.
|
||||
ips = [ "10.10.11.1/24" ];
|
||||
|
||||
#VPN Port.
|
||||
listenPort = 18900;
|
||||
|
||||
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
||||
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
|
||||
privateKeyFile = "/etc/wireguard/privatekey";
|
||||
#----------------------Start-Routing----------------------------
|
||||
postSetup = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
|
||||
|
|
@ -110,15 +96,8 @@
|
|||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
|
||||
'';
|
||||
#----------------------End-Routing----------------------------
|
||||
|
||||
# Path to the private key file.
|
||||
#
|
||||
# Note: The private key can also be included inline via the privateKey option,
|
||||
# but this makes the private key world-readable; thus, using privateKeyFile is
|
||||
# recommended.
|
||||
privateKeyFile = "/etc/wireguard/privatekey";
|
||||
|
||||
peers = [
|
||||
|
||||
peers = [
|
||||
# ------------------leon-------------------------.
|
||||
{
|
||||
#leoncloud-vm
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim python3Full nmap htop wireguard-tools docker-compose
|
||||
wget vim python3Full python310Packages.pip nmap htop wireguard-tools docker-compose
|
||||
];
|
||||
|
||||
users.users.leoncloud = {
|
||||
|
|
@ -63,15 +63,14 @@
|
|||
#------------------Wireguard-client----------------------------
|
||||
# Enable WireGuard
|
||||
networking.wireguard.interfaces = {
|
||||
wg0 = {
|
||||
vpn = {
|
||||
ips = [ "10.10.11.4/24" ];
|
||||
privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
|
||||
|
||||
peers = [
|
||||
{
|
||||
publicKey = "w3qegSSuqFTFrGk4XJaWBSwGDOiqbnnAIR9MzwjYVA8=";
|
||||
allowedIPs = [ "10.10.11.0/24" ];
|
||||
endpoint = "45.158.40.162:18800";
|
||||
endpoint = "45.158.40.162:18900";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
|
|
|
|||
Loading…
Reference in New Issue